
Commit c83f468

committed
Trivial changes
1 parent 35d76f3 commit c83f468

2 files changed

Lines changed: 12 additions & 10 deletions


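--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -160,7 +160,6 @@ def searchTable(self):
 rootQuery = queries[Backend.getIdentifiedDbms()].search_table
 tblCond = rootQuery.inband.condition
 dbCond = rootQuery.inband.condition2
-whereDbsQuery = ""
 tblConsider, tblCondParam = self.likeOrExact("table")
 
 for tbl in tblList:
@@ -175,14 +174,16 @@ def searchTable(self):
 infoMsg += "s like"
 infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
 
-if conf.db and conf.db != CURRENT_DB:
+if dbCond and conf.db and conf.db != CURRENT_DB:
 _ = conf.db.split(",")
 whereDbsQuery = " AND (" + " OR ".join("%s = '%s'" % (dbCond, unsafeSQLIdentificatorNaming(db)) for db in _) + ")"
 infoMsg += " for database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _))
 elif conf.excludeSysDbs:
 whereDbsQuery = "".join(" AND '%s' != %s" % (unsafeSQLIdentificatorNaming(db), dbCond) for db in self.excludeDbsList)
 infoMsg2 = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList))
 logger.info(infoMsg2)
+else:
+whereDbsQuery = ""
 
 logger.info(infoMsg)
 
@@ -191,6 +192,7 @@ def searchTable(self):
 
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 query = rootQuery.inband.query
+
 query = query % (tblQuery + whereDbsQuery)
 values = inject.getValue(query, blind=False, time=False)
 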
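Review bot: The new `dbCond and` guard in the second hunk covers only the first branch, so a DBMS whose `search_table` entry has no `condition2` now falls through to `elif conf.excludeSysDbs:`, which still formats the missing `dbCond` into the clause (`... != None`). In that case the databases named in `conf.db` are also dropped without any message, so the search runs over more databases than were asked for and the log does not say so. I would guard the second branch as well, `elif dbCond and conf.excludeSysDbs:`, and log a warning when `conf.db` is set but cannot be applied. Separately, the database names go into single-quoted literals with only `unsafeSQLIdentificatorNaming` applied, so a name containing a quote presumably breaks the generated query; a comment such as `# db names are not quote-escaped here` would at least record that. `searchTable` starts and ends outside these hunks.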
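--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -190,16 +190,16 @@
 <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT LTRIM(STR(COUNT(*))) FROM %s" count2="SELECT LTRIM(STR(COUNT(DISTINCT(%s)))) FROM %s"/>
 </dump_table>
 <search_db>
-<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
-<blind query="SELECT name FROM master..sysdatabases WHERE %s" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE %s" condition="name"/>
+<inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
+<blind query="SELECT name FROM master..sysdatabases WHERE " count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE " condition="name"/>
 </search_db>
 <search_table>
-<inband query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND %s" condition="name" condition2="name"/>
-<blind query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND %s" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" condition="name" condition2="name"/>
+<inband query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') AND " condition="name" condition2="name"/>
+<blind query="SELECT name FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v') " count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE %s..sysobjects.xtype IN ('u','v')" condition="name" condition2="name"/>
 </search_table>
 <search_column>
-<inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype in ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
-<blind query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype in ('u','v')" count="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype in ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
+<inband query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
+<blind query="SELECT %s..sysobjects.name FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" count="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns,%s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.xtype IN ('u','v')" condition="[DB]..syscolumns.name" condition2="[DB]..sysobjects.name"/>
 </search_column>
 </dbms>
 
@@ -543,11 +543,11 @@
 <blind query="SELECT MIN(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s)>'%s'" query2="SELECT MAX(%s) FROM %s WHERE CONVERT(NVARCHAR(4000),%s) LIKE '%s'" count="SELECT COUNT(*) FROM %s" count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/>
 </dump_table>
 <search_db>
-<inband query="SELECT name FROM master..sysdatabases WHERE %s" condition="name"/>
+<inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
 <blind/>
 </search_db>
 <search_table>
-<inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND %s" condition="name" condition2="name"/>
+<inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND " condition="name" condition2="name"/>
 <blind/>
 </search_table>
 <search_column>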
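Review bot: In the first hunk the rewritten `search_table` entries no longer agree with each other: the `inband` query ends in a dangling `AND ` while the `blind` query ends after `IN ('u','v') ` with no connective, so whatever the caller appends has to start differently for the two. Dropping the trailing `%s` also changes the contract from format substitution to concatenation; a caller that still applies `%` with a single argument, like the `query % (tblQuery + whereDbsQuery)` line in `plugins/generic/search.py` if it is ever reached for these entries, would either raise or place the condition in the first `%s`, which is the database position. The `search_db` queries now end in a bare `WHERE `, which is invalid SQL whenever nothing is appended. I would add an XML comment above each changed element stating that the condition is concatenated by the caller, and end the `blind` form with `AND ` like `inband` unless the difference is intended. The consuming code is not visible in this section.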
